
Understanding Computer Accounts

Topic Objectives:
Be familiar with which versions of Windows and Windows Server have computer accounts
Understand what a computer account is
Identify the attributes of a computer account
Identify the uses of user accounts and computer accounts

Windows Server versions with Computer Accounts
Every computer running Windows NT, Windows 2000, Windows XP, Windows Vista, or Windows 7, or server running Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012, that joins a domain has a computer account.
Note: Computers running Windows 95 and Windows 98 do not have advanced security features. Therefore, they are not assigned computer accounts.

What is a Computer Account
Like user accounts, computer accounts provide a means for authenticating and auditing access to the network and to domain resources. Each computer account must be unique.
A computer account in Active Directory is very similar to a user account in Active Directory. Fundamentally, a computer account and a user account are made from the same attributes (in the AD schema the computer object class is derived from the user object class).
Like a user account, the computer account has a password. Unlike a user account, this password is randomly generated rather than chosen by a person.
This password is supplied to the domain when the computer starts up, which allows a secure channel to be established between the computer and the domain controller.
By default the password is automatically changed every 30 days. The change is initiated by the computer itself, and the domain controller does not expire the machine password, so if the computer has not connected to the domain for more than 30 days it will still be able to access the domain. The password for the computer account will be changed the next time the computer connects to the domain.

Attributes of Computer Accounts
When the domain functional level is set to Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012, a lastLogonTimestamp attribute is used to track the last logon time of a user or computer account.
This attribute is replicated within the domain, and it can provide you with important information regarding the history of a user or computer.
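The two attributes described above, the machine password age and lastLogonTimestamp, are what an administrator uses to find computer accounts that have not been seen by the domain for a long time. The following is an added example, not code from the original slides: it assumes the ActiveDirectory PowerShell module (RSAT) on a domain-joined host with rights to read computer objects, and the 90-day logon threshold is an assumed reporting value, not a setting from the slides.

```powershell
# Added example (not from the original slides): audit enabled computer accounts for
# stale machine passwords and stale logons. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$PasswordAgeLimitDays = 30   # rotation interval described in the slides
$LogonAgeLimitDays    = 90   # assumed reporting threshold for "has not logged on"
$now = Get-Date

# PasswordLastSet and LastLogonDate are the module's conversions of the raw pwdLastSet
# and lastLogonTimestamp attributes (both stored as Windows FILETIME large integers).
$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties PasswordLastSet, lastLogonTimestamp, OperatingSystem

$report = foreach ($c in $computers) {
    # Convert the raw attribute once so the relationship to LastLogonDate is visible.
    $lastLogon = if ($c.lastLogonTimestamp) { [DateTime]::FromFileTime($c.lastLogonTimestamp) } else { $null }

    [PSCustomObject]@{
        Name            = $c.Name
        OperatingSystem = $c.OperatingSystem
        PasswordLastSet = $c.PasswordLastSet
        PasswordAgeDays = if ($c.PasswordLastSet) { [int]($now - $c.PasswordLastSet).TotalDays } else { $null }
        LastLogon       = $lastLogon
        LogonAgeDays    = if ($lastLogon) { [int]($now - $lastLogon).TotalDays } else { $null }
    }
}

# The client initiates the 30-day change and the domain controller never expires the
# machine password, so these accounts are not locked out; they simply have not been
# seen by the domain since before the rotation fell due.
$stalePassword = @($report | Where-Object { $_.PasswordAgeDays -gt $PasswordAgeLimitDays })
$staleLogon    = @($report | Where-Object { $null -eq $_.LogonAgeDays -or $_.LogonAgeDays -gt $LogonAgeLimitDays })

"Computer accounts with machine password older than $PasswordAgeLimitDays days: $($stalePassword.Count)"
$stalePassword | Sort-Object PasswordAgeDays -Descending |
    Format-Table Name, OperatingSystem, PasswordLastSet, PasswordAgeDays -AutoSize

"Computer accounts with no logon in $LogonAgeLimitDays days (or never): $($staleLogon.Count)"
$staleLogon | Sort-Object LogonAgeDays -Descending | Format-Table Name, LastLogon, LogonAgeDays -AutoSize

# The rotation interval is a client-side Netlogon setting (Group Policy
# "Domain member: Maximum machine account password age"); read the local values.
$netlogon = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -ErrorAction SilentlyContinue
"Local MaximumPasswordAge: $($netlogon.MaximumPasswordAge)  DisablePasswordChange: $($netlogon.DisablePasswordChange)"
```

Two caveats when reading the output: lastLogonTimestamp is only rewritten when the stored value is more than about 14 days old (the replication-friendly update interval), so it can lag the true last logon by up to two weeks and is suitable for finding stale accounts, not for precise forensics; and a recently re-imaged or restored-from-backup machine can show an old password date while still being in use, so confirm before disabling anything the report flags.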

Attributes of Computer Accounts
Each computer account that is created in Active Directory Domain Services (AD DS) has a relative distinguished name, a pre-Windows 2000 computer name (the Security Accounts Manager (SAM) account name), a primary Domain Name System (DNS) suffix, a DNS host name, and a service principal name (SPN).
The administrator enters the computer name when he or she creates the computer account. This computer name is used as the Lightweight Directory Access Protocol (LDAP) relative distinguished name. AD DS suggests the pre-Windows 2000 name using the first 15 bytes of the relative distinguished name. The administrator can change the pre-Windows 2000 name at any time.
The DNS name for a host is called a full computer name. This is a DNS fully qualified domain name (FQDN). The full computer name is a concatenation of the computer name (the first 15 bytes of the SAM account name of the computer account without the "$" character) and the primary DNS suffix (the DNS domain name of the domain in which the computer account exists).
By default, the primary DNS suffix portion of the FQDN for a computer must be the same as the name of the Active Directory domain where the computer is located. To allow different primary DNS suffixes, a domain administrator may build a restricted list of allowed suffixes by creating the msDS-AllowedDNSSuffixes attribute on the domain object. The domain administrator creates and manages this attribute with Active Directory Service Interfaces (ADSI) or LDAP.
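The naming rules above (RDN, SAM account name, the FQDN built from the SAM name without "$" plus the primary DNS suffix, and the msDS-AllowedDNSSuffixes list) can be checked against what the directory actually holds. The following is an added example, not code from the original slides; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to the domain object and its computer objects. Get-ADDomain exposes msDS-AllowedDNSSuffixes as the AllowedDNSSuffixes property.

```powershell
# Added example (not from the original slides): verify that each computer account's
# naming attributes agree with the rules above. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$domain = Get-ADDomain
# The default primary DNS suffix is the domain's own DNS name; msDS-AllowedDNSSuffixes on
# the domain object (AllowedDNSSuffixes here) widens the permitted set.
$allowedSuffixes = @($domain.DNSRoot) + @($domain.AllowedDNSSuffixes)

function Get-ExpectedFullComputerName {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,   # pre-Windows 2000 name, e.g. "WS01$"
        [Parameter(Mandatory)][string]$PrimaryDnsSuffix
    )
    # Computer name = SAM account name without the trailing "$", at most 15 characters.
    $shortName = $SamAccountName.TrimEnd('$')
    if ($shortName.Length -gt 15) { $shortName = $shortName.Substring(0, 15) }
    return ('{0}.{1}' -f $shortName, $PrimaryDnsSuffix).ToLowerInvariant()
}

$computers = Get-ADComputer -Filter * -Properties SamAccountName, DNSHostName, DistinguishedName

$findings = foreach ($c in $computers) {
    # The LDAP relative distinguished name is the first component of the DN, e.g. "CN=WS01".
    $rdn     = ($c.DistinguishedName -split ',', 2)[0]
    $dnsHost = if ($c.DNSHostName) { $c.DNSHostName.ToLowerInvariant() } else { '' }
    # Suffix in use = everything after the first label of the DNS host name.
    $suffix  = if ($dnsHost.Contains('.')) { $dnsHost.Substring($dnsHost.IndexOf('.') + 1) } else { '' }

    $issue = $null
    if (-not $dnsHost) {
        $issue = 'No dNSHostName set'
    } elseif ($allowedSuffixes -notcontains $suffix) {
        $issue = "Suffix '$suffix' is neither the domain DNS name nor listed in msDS-AllowedDNSSuffixes"
    } else {
        $expected = Get-ExpectedFullComputerName -SamAccountName $c.SamAccountName -PrimaryDnsSuffix $suffix
        if ($dnsHost -ne $expected) { $issue = "dNSHostName '$dnsHost' does not match SAM-derived name '$expected'" }
    }

    [PSCustomObject]@{
        RDN            = $rdn
        SamAccountName = $c.SamAccountName
        DNSHostName    = $c.DNSHostName
        Issue          = $issue
    }
}

"Computer accounts: $(@($findings).Count); with naming issues: $(@($findings | Where-Object Issue).Count)"
$findings | Where-Object Issue | Format-Table -AutoSize
```

A computer whose dNSHostName carries a suffix outside the allowed list, or whose host name no longer matches its SAM-derived name, will have trouble registering DNS records and building correct SPNs, so the report is a useful first stop when Kerberos authentication to a particular machine fails. If a second suffix is legitimately in use, the domain administrator adds it with Set-ADDomain -AllowedDNSSuffixes @{Add='suffix.example'} (placeholder suffix) rather than by editing each computer.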

Attributes of Computer Accounts
The SPN is a multi-valued attribute. It is usually built from the DNS name of the host. The SPN is used in the process of mutual authentication between the client and the server hosting a particular service: the client requests a ticket for that SPN, and the directory locates the computer account that holds it. Because the client finds a computer account based on the SPN of the service it is trying to connect to, each SPN must be registered on exactly one account. Members of the Domain Admins group can modify the SPN.
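Two things go wrong with SPNs in practice: a value whose host part no longer matches the account it is registered on (typically after a rename), and the same SPN registered on more than one account, which leaves the KDC unable to choose a key and breaks mutual authentication. The following is an added example, not code from the original slides; it assumes the ActiveDirectory PowerShell module (RSAT) and read access to computer objects, and reports both conditions without changing anything.

```powershell
# Added example (not from the original slides): enumerate servicePrincipalName values on
# computer accounts, check each SPN's host part against the owning account's names, and
# report SPNs held by more than one computer account. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$computers = Get-ADComputer -Filter * -Properties ServicePrincipalNames, DNSHostName, SamAccountName

function Get-SpnHost {
    param([Parameter(Mandatory)][string]$Spn)
    # SPN format: serviceclass/host[:port][/servicename]; the host is the second element.
    $parts = $Spn -split '/'
    if ($parts.Count -lt 2) { return $null }
    return ($parts[1] -split ':')[0].ToLowerInvariant()
}

$index = @{}   # SPN -> list of SAM account names holding it (hashtable keys are case-insensitive)

$mismatches = foreach ($c in $computers) {
    # Names the SPN host part may legitimately use: the short name and the DNS host name.
    $validHosts = @(
        $c.SamAccountName.TrimEnd('$').ToLowerInvariant()
        if ($c.DNSHostName) { $c.DNSHostName.ToLowerInvariant() }
    )
    foreach ($spn in $c.ServicePrincipalNames) {
        if (-not $index.ContainsKey($spn)) { $index[$spn] = New-Object System.Collections.Generic.List[string] }
        $index[$spn].Add($c.SamAccountName)

        $spnHost = Get-SpnHost -Spn $spn
        if ($spnHost -and ($validHosts -notcontains $spnHost)) {
            [PSCustomObject]@{ Account = $c.SamAccountName; SPN = $spn; SpnHost = $spnHost }
        }
    }
}

"SPNs whose host part does not match the owning computer account:"
$mismatches | Format-Table -AutoSize

"SPNs registered on more than one computer account:"
$index.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 } |
    ForEach-Object { [PSCustomObject]@{ SPN = $_.Key; Accounts = ($_.Value -join ', ') } } |
    Format-Table -AutoSize
```

Host-part mismatches are not always errors: a cluster name, a DNS alias or a load-balanced name is registered on the account that answers for it and will show up here, so review the list before removing anything. The duplicate check covers computer accounts only; the built-in setspn -X command searches the whole forest, including user and service accounts, and should be used to confirm a duplicate before it is removed.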

Uses of User Accounts and Computer Accounts
Active Directory user accounts and computer accounts represent a physical entity such as a computer or person. User accounts can also be used as dedicated service accounts for some applications.
A user or computer account is used to:
Authenticate the identity of a user or computer.
Authorize or deny access to domain resources.
Administer other security principals.
Audit actions performed using the user or computer account.

Web references
http://itfreetraining.com/70-640/computer-accounts/
http://technet.microsoft.com/en-us/library/cc731641.aspx
http://msdn.microsoft.com/en-us/library/cc759279%28v=ws.10%29.aspx
